PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43404 Linux CVE debrief

CVE-2026-43404 is a Linux kernel availability bug in the memory-management path. According to the kernel fix summary, hmm_range_fault() could spin after a folio_trylock() failure in do_swap_page() while trying to lock a device-private folio for migration to RAM. In a narrow set of conditions, the spinning task can starve the work item needed by the lock holder, creating a livelock/starvation loop that does not resolve on its own. The issue is marked Medium severity by NVD and is fixed by changing the wait behavior so the code waits for the folio to unlock instead of spinning.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-08
Original CVE updated
2026-05-21
Advisory published
2026-05-08
Advisory updated
2026-05-21

Who should care

Linux kernel maintainers, distro security teams, and operators running kernels with heterogeneous memory management or zone-device/device-private memory support should care most. Systems using affected kernel releases, especially where local users can exercise the path, should be prioritized for patching.

Technical summary

NVD maps this as a local, low-privilege availability issue with CVSS 3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H and CWE-667. The kernel advisory says the problem occurs when do_swap_page() hits folio_trylock() failure while handling device-private folio migration. Under specific timing and preemption conditions, the thread spins waiting to acquire the lock, but the lock holder may be waiting on a work item scheduled on the same CPU, so progress is starved. The fix changes the logic to wait for unlock rather than spin, and the related helper was renamed from migration_entry_wait_on_locked() to softleaf_entry_wait_unlock().

Defensive priority

Medium. This is a local availability problem rather than a code-execution issue, but it can deadlock or livelock kernel progress under the documented conditions. Patch priority is higher on systems that use HMM or device-private/zone-device memory features.

Recommended defensive actions

  • Apply the kernel fixes referenced by the official stable patch links.
  • Update affected Linux kernel systems to versions outside the vulnerable ranges listed by NVD (6.15 before 6.18.19, 6.19 before 6.19.9, and the listed 7.0 release candidates).
  • Prioritize systems that use heterogeneous memory management, device-private folios, or zone-device memory.
  • Track vendor kernel advisories and stable backports for your distribution before scheduling maintenance windows.
  • Validate that deployed kernels include the folio wait behavior change and related helper rename in the patched code path.

Evidence notes

The CVE description states that hmm_range_fault() could livelock/starve in do_swap_page() when folio_trylock() fails while migrating device-private folios to RAM. It also states the fix: wait for the folio to unlock instead of spinning, and rename the helper to softleaf_entry_wait_unlock(). NVD marks the issue as analyzed, assigns CVSS 3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, and lists vulnerable Linux kernel ranges starting at 6.15 and 6.19 plus 7.0-rc1 and 7.0-rc2. The official references include three kernel stable patch links.

Official resources

Published 2026-05-08T15:16:51.887Z; last modified 2026-05-21T19:21:22.460Z. The issue was disclosed and analyzed through official CVE/NVD records and kernel patch references.